[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-users] Portsentry help redux
- Subject: Re: [cobalt-users] Portsentry help redux
- From: "Rodolfo J. Paiz" <rpaiz@xxxxxxxxxxxxxx>
- Date: Thu Apr 5 21:48:02 2001
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
At 4/5/01 07:39 PM -0700, you wrote:
Edited /etc/hosts.deny and removed the IP address in question
Usually portsentry only uses one killroute command, so if the hosts.deny
was used you should--in theory--be done.
Ran the command "route delete -host [ip address] reject"
The command is "route del -host [ip address] reject" normally. But far more
important, it must be the inverse of the exact command issued to block. See
your portsentry.conf for the command portsentry is using to block, then do
the same command with "route del" instead of "route add."
which appeared to work (no errors generated)
Mistake. Read the man pages for route and netstat, and make *sure* that the
route is gone.
Added the IP address to portsentry.ignore
Rebooted the server
Why reboot the server? Can't you just restart portsentry?
Is there something like a route table that I can look at to see if the
offending IP address is still there? Or otherwise, does anyone have any
other suggestions?
route and netstat. Also, check the portsentry.conf to see how portsentry is
blocking. Once you know how it blocks, you know how to unblock.
--
Rodolfo J. Paiz
rpaiz@xxxxxxxxxxxxxx